• joneskind@beehaw.org
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Of course there are unreleased 0-days, but you can’t do anything about it.

    And that’s exactly my point.

    Using a different browser until a particular issue is fixed when you are e.g. a journalist still helps with getting hacked.

    Actually no. Because you never know what currently unfixed 0-day is actively exploited in any browser. Using Gecko or Chromium today because Webkit had a security flaw yesterday doesn’t make anything safer. It might comfort you, but that’s it.

    The only important metric is the number of 0-day discovered per year per engine. It’s a matter of probability.

    Changing engine would be like changing dice because you had a bad number, without knowing how many side you’ll get with the new ones.

    • fej@feddit.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Ah, now I got what you meant. I was just suggesting switching temporarily while the published 0-day would be public and unpatched, because this is the time in which the issue would be exploited the most.